CVE-2025-54290
Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints...
Creativeitem Ekushey CRM cross-site scripting vulnerability
Creativeitem Ekushey CRM is an open source project management script by Creativeitem. A cross-site scripting vulnerability exists in Creativeitem Ekushey CRM that stems from insufficient validation of user input and could lead to a stored cross-site scripting attack...
PT-2025-40333
Name of the Vulnerable Software and Affected Versions: Canonical LXD versions prior to 6.5; Canonical LXD versions prior to 5.21.4. Description: An information disclosure issue exists in the image export API of Canonical LXD. A network attacker can determine project existence without authentication b...
CVE-2025-61096
The CVE-2025-61096 entry affects PHPGurukul Online Shopping Portal Project v2.1. Affected component: /shopping/login.php fullname parameter. Root cause: SQL injection due to lack of input validation/escaping in fullname, enabling arbitrary SQL execution. Documented impact: unauthorized access to ...
PT-2025-40338
Name of the Vulnerable Software and Affected Versions: Ekushey CRM version 5.0. Description: A stored cross-site scripting issue exists in Ekushey CRM version 5.0 due to insufficient validation of user-supplied data. The issue is located in the project file upload functionality via the...
LXD security vulnerability
LXD is Canonical's open source container and virtual machine manager for Linux-based systems. A security vulnerability exists in LXD versions prior to 6.5 and 5.21.4, which stems from an information leak in the Image API that could allow a remote attacker to determine the existence o...
PT-2025-40337
Name of the Vulnerable Software and Affected Versions: Ekushey CRM version 5.0. Description: A stored cross-site scripting issue exists in Ekushey CRM version 5.0 due to insufficient validation of user-supplied data. The issue is located in the project bug creation functionality, accessible via the...
PT-2025-40334
Name of the Vulnerable Software and Affected Versions: Canonical LXD versions prior to 6.5; Canonical LXD versions prior to 5.21.4. Description: An information disclosure issue exists in the images API of Canonical LXD. This allows unauthenticated remote attackers to determine project existence by...
PT-2025-40398
Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Shopping Portal Project version 2.1. Description: The software is susceptible to a SQL injection issue. This flaw is located in the /shopping/login.php file and can be triggered through the fullname parameter. Recommendations...
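The two entries above (CVE-2025-61096 and PT-2025-40398) describe the same flaw class: a request parameter concatenated into SQL text without escaping or parameterization. The block below is an added illustration written for this page, not code from PHPGurukul's portal. It runs a string-built login query beside a parameterized one against an in-memory SQLite table; the table layout, column names, sample rows and the bypass payload are constructed assumptions chosen to show the class, not details taken from the advisory.

```python
"""Added example: SQL injection through a concatenated login query,
beside the parameterized form that closes it. Not the project's code;
schema, rows and payload are constructed for this illustration."""
import sqlite3


def make_db():
    # Constructed sample data: a tiny users table standing in for the
    # portal's real schema (assumed, not taken from the project).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (fullname TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    return conn


def login_vulnerable(conn, fullname, password):
    # Mirrors the reported flaw class: the user-controlled value is
    # spliced into the SQL text, so quotes in it become query syntax.
    query = (
        "SELECT fullname FROM users WHERE fullname = '" + fullname
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_fixed(conn, fullname, password):
    # Parameterized query: values travel separately from the SQL text,
    # so a quote in the input is data and cannot alter the WHERE clause.
    row = conn.execute(
        "SELECT fullname FROM users WHERE fullname = ? AND password = ?",
        (fullname, password),
    ).fetchone()
    return row[0] if row else None


# Generic bypass payload (constructed, not from the advisory). Spliced
# into the vulnerable query it yields:
#   ... WHERE fullname = '' OR '1'='1' -- ' AND password = 'x'
# and the comment marker discards the password check entirely.
BYPASS = "' OR '1'='1' -- "


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, BYPASS, "x"))  # alice
    print("fixed:     ", login_fixed(db, BYPASS, "x"))       # None
```

The vulnerable variant returns the first user in the table for a password that never matched; the parameterized variant returns nothing, because the payload is compared as a literal fullname. The same split applies to the project's PHP: a `mysqli` query built by string concatenation versus `prepare()`/`bind_param()`.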
CVE-2025-11195
Rapid7 AppSpider Pro versions below 7.5.021 suffer from a project name validation vulnerability, whereby an attacker can change the project name directly in the configuration file to a name that already exists. This issue stems from a lack of effective verification of the uniqueness of project...
BIT-GITLAB-2025-5069 Incorrect Ownership Assignment in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 17.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could have allowed an authenticated user to gain unauthorized access to confidential issues by creating a project with an identical name to the victim's...
BIT-GITLAB-2025-10871 Missing Authorization in GitLab
An issue has been discovered in GitLab EE affecting all versions from 16.6 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1. Project Maintainers can exploit a vulnerability where they can assign custom roles to users with permissions exceeding their own, effectively granting themselves...
Malicious Package
Overview plonkscript-ui-project is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
DEBIAN-CVE-2025-39917
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix out-of-bounds dynptr write in bpf_crypto_crypt. Stanislav reported that in bpf_crypto_crypt the destination dynptr's size is not validated to be at least as large as the source dynptr's size before calling into the crypto...
CVE-2025-56807
A cross-site scripting (XSS) vulnerability in FairSketch RISE Ultimate Project Manager & CRM 3.9.4 allows an administrator to store a JavaScript payload using the file explorer in the admin dashboard when creating new folders...
CVE-2025-11195
Rapid7 AppSpider Pro versions below 7.5.021 are affected by a project name validation bypass. The issue arises from insufficient verification of project name uniqueness when editing the configuration file outside the application, allowing an attacker to set a project name to one that already exis...
CVE-2025-11195 Rapid7 AppSpider Project Name Validation Bypass
Rapid7 AppSpider Pro versions below 7.5.021 suffer from a project name validation vulnerability, whereby an attacker can change the project name directly in the configuration file to a name that already exists. This issue stems from a lack of effective verification of the uniqueness of project...